metron-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mmiklav...@apache.org
Subject [38/50] [abbrv] metron git commit: METRON-1621: Sorting alerts table by score closes apache/incubator-metron#1088
Date Wed, 11 Jul 2018 01:32:54 GMT
METRON-1621: Sorting alerts table by score closes apache/incubator-metron#1088


Project: http://git-wip-us.apache.org/repos/asf/metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/4519f721
Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/4519f721
Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/4519f721

Branch: refs/heads/feature/METRON-1554-pcap-query-panel
Commit: 4519f72104b294c2f0eb8135181a3fa68eee9088
Parents: c4c790d
Author: tiborm <tibor.meller@gmail.com>
Authored: Fri Jun 29 09:17:27 2018 -0400
Committer: cstella <cestella@gmail.com>
Committed: Fri Jun 29 09:17:27 2018 -0400

----------------------------------------------------------------------
 .../alert-filters/alert-filters.e2e-spec.ts     |  2 +-
 .../e2e/alerts-list/alerts-list.po.ts           |  6 +-
 .../meta-alerts/meta-alert.e2e-spec.ts          |  2 +-
 .../table-view/table-view.e2e-spec.ts           | 90 ++++++++++++++++++++
 .../e2e/alerts-list/table-view/table-view.po.ts | 26 ++++++
 .../alerts-list/tree-view/tree-view.e2e-spec.ts |  4 +-
 .../e2e/mock-data/alerts_ui_e2e_index.data      | 16 ++--
 .../metron-alerts/e2e/utils/e2e_util.ts         | 62 ++++++++------
 .../metron-alerts/protractor.conf.js            |  1 +
 .../table-view/table-view.component.html        | 10 +--
 10 files changed, 172 insertions(+), 47 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts
index d9caf7c..6783d3d 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts
@@ -47,7 +47,7 @@ describe('Test spec for facet filters', function() {
   });
 
   it('should display facets data', async function() : Promise<any> {
-    let facetValues = [ 'enrichm...:country 3', 'ip_dst_addr 8', 'ip_src_addr 2', 'source:type 1' ];
+    let facetValues = [ 'enrichm...:country 3', 'ip_dst_addr 8', 'ip_src_addr 6', 'source:type 1' ];
 
     await page.navgateToAlertList();
     expect(await page.getFacetsTitle()).toEqualBcoz('Filters', 'for Title as Filters');

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
index 13aeb27..389d218 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 
-import {browser, element, by, protractor} from 'protractor';
+import {browser, element, by, protractor, ElementArrayFinder} from 'protractor';
 import * as moment from 'moment/moment';
 import {
   waitForElementVisibility, waitForElementPresence, waitForElementInVisibility,
@@ -446,10 +446,6 @@ export class MetronAlertsPage {
           .element(by.xpath('../..')).all(by.css('td a')).get(8).getText();
   }
 
-  sortTable(colName: string) {
-    element.all(by.css('table thead th')).all(by.linkText(colName)).get(0).click();
-  }
-
   getCellValue(rowIndex: number, colIndex: number, previousText: string) {
     let cellElement = element.all(by.css('table tbody tr')).get(rowIndex).all(by.css('td')).get(colIndex);
     return this.waitForTextChange(cellElement, previousText).then(() => cellElement.getText());

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts
index 5425523..5bf7fd8 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts
@@ -158,7 +158,7 @@ describe('Test spec for meta alerts workflow', function() {
       'source:type': '1',
       'ip_dst_addr': '7',
       'enrichm...:country': '3',
-      'ip_src_addr': '2'
+      'ip_src_addr': '4'
     };
     let alertsInMetaAlerts = [
       '82f8046d-d...03b17480dd',

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.e2e-spec.ts
new file mode 100644
index 0000000..21df423
--- /dev/null
+++ b/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.e2e-spec.ts
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { TableViewPage } from './table-view.po';
+import { LoginPage } from '../../login/login.po';
+import { loadTestData, deleteTestData, AutomationHelper } from '../../utils/e2e_util';
+
+describe('Alerts Table', () => {
+
+  let page: TableViewPage;
+  let loginPage: LoginPage;
+
+  beforeAll(async () => {
+    page = new TableViewPage();
+    loginPage = new LoginPage();
+
+    await loadTestData();
+  });
+
+  afterAll(async () => {
+    await deleteTestData();
+  })
+
+  describe('should sort by colum: ', () => {
+    
+    beforeEach(async () => {
+      await loginPage.login();
+    });
+
+    afterEach(async () => {
+      await loginPage.logout();
+    });
+
+    it('sorting ASC by ip_src_addr', async function() {
+      await page.sortTable('ip_src_addr'); // sorting ASC
+      const ascOrder = [];
+      ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-0 cell-3'));
+      ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-1 cell-3'));
+      ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-2 cell-3'));
+
+      expect(ascOrder).toEqual(['192.168.65.1','192.168.66.0','192.168.66.1']);
+    });
+
+    it('sorting DESC by ip_src_addr', async function() {
+      await page.sortTable('ip_src_addr'); // sorting ASC
+      await page.sortTable('ip_src_addr') // sorting DESC
+      const descOrder = [];
+      descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-0 cell-3'));
+      descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-1 cell-3'));
+      descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-2 cell-3'));
+      
+      expect(descOrder).toEqual(['192.168.138.160','192.168.138.159','192.168.138.158']);
+    });
+
+    it('sorting ASC by Score', async function() {
+      await page.sortTable('Score'); // sorting ASC
+      const ascOrder = [];
+      ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-0 score'));
+      ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-1 score'));
+      ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-2 score'));
+
+      expect(ascOrder).toEqual(['-','-','-']);
+    });
+
+    it('sorting DESC by Score', async function() {
+      await page.sortTable('Score'); // sorting ASC
+      await page.sortTable('Score') // sorting DESC
+      const descOrder = [];
+      descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-0 score'));
+      descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-1 score'));
+      descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-2 score'));
+      
+      expect(descOrder).toEqual(['10','9','8']);
+    });
+  })
+});

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.po.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.po.ts
new file mode 100644
index 0000000..d57955d
--- /dev/null
+++ b/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.po.ts
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { browser, element, by, protractor, ElementArrayFinder } from 'protractor';
+import { waitForElementVisibility } from '../../utils/e2e_util';
+
+export class TableViewPage {
+  sortTable(colName: string) {
+    return element.all(by.css('table thead th')).all(by.linkText(colName)).get(0).click();
+  }
+}

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts
index 3129674..87008e1 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts
@@ -53,7 +53,7 @@ describe('Test spec for tree view', function () {
       'source:type': '1',
       'ip_dst_addr': '8',
       'enrichm...:country': '3',
-      'ip_src_addr': '2'
+      'ip_src_addr': '6'
     };
 
     expect(await listPage.getChangesAlertTableTitle('Alerts (0)')).toEqualBcoz('Alerts (169)', 'for alerts title');
@@ -156,7 +156,7 @@ describe('Test spec for tree view', function () {
     await page.selectGroup('enrichments:geo:ip_dst_addr:country');
     expect(await page.getActiveGroups()).toEqualBcoz(['source:type', 'ip_dst_addr', 'enrichm...:country'], '3 groups should be selected');
 
-    expect(await page.getDashGroupValues('alerts_ui_e2e')).toEqualBcoz(['0', 'alerts_ui_e2e', 'ALERTS', '169'],
+    expect(await page.getDashGroupValues('alerts_ui_e2e')).toEqualBcoz(['36', 'alerts_ui_e2e', 'ALERTS', '169'],
                                                               'Top Level Group Values should be present for alerts_ui_e2e');
 
     await page.expandDashGroup('alerts_ui_e2e');

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
index e3ffbe7..19f5410 100644
--- a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
+++ b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
@@ -1,21 +1,21 @@
 {"create": { "_id": "dcda4423-75f1-8e14-c567-080962fafc47"}}
-{"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325572512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574783","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568547","enrichmentjoinbolt:joiner:ts":"1492671574101","adapter:geoadapter:begin:ts":"1492671572509","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CD23C83kXKw966hJtc","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574780","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CD23C83kXKw966hJtc resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FS7RhoA94CA7tXRH3\"] host:comarksecurity.com status_msg:OK id
 .orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:72.34.49.86 resp_fuids:[\"F3FAZQ2jVEyeqyiQB7\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671573840","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3FAZQ2jVEyeqyiQB7"],"timestamp":1505325572512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568555","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_add
 r:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568737","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FS7RhoA94CA7tXRH3"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574115","status_msg":"OK","guid":"dcda4423-75f1-8e14-c567-080962fafc47","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996}
+{"threat:triage:score":10,"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325572512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574783","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568547","enrichmentjoinbolt:joiner:ts":"1492671574101","adapter:geoadapter:begin:ts":"1492671572509","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CD23C83kXKw966hJtc","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574780","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CD23C83kXKw966hJtc resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FS7RhoA94CA7tXRH3\"] host:comarksecu
 rity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:72.34.49.86 resp_fuids:[\"F3FAZQ2jVEyeqyiQB7\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671573840","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3FAZQ2jVEyeqyiQB7"],"timestamp":1505325572512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568555","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","e
 nrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568737","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FS7RhoA94CA7tXRH3"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574115","status_msg":"OK","guid":"dcda4423-75f1-8e14-c567-080962fafc47","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996}
 {"create": { "_id": "350c0e9f-a9db-e100-871f-833cbe5b29d2"}}
-{"bro_timestamp":1505325573512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574785","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671573840","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cbhgaw1IVL6NGqHpn2","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574782","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cbhgaw1IVL6NGqHpn2 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2
 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:95.163.121.204 resp_fuids:[\"F4cZLM1Rfj48wYg1Pb\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574044","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F4cZLM1Rfj48wYg1Pb"],"timestamp":1505325573512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568556","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49209,"threatintelsplitte
 rbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574780","status_msg":"OK","guid":"350c0e9f-a9db-e100-871f-833cbe5b29d2","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534}
+{"threat:triage:score":9,"bro_timestamp":1505325573512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574785","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671573840","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cbhgaw1IVL6NGqHpn2","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574782","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cbhgaw1IVL6NGqHpn2 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W
 OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:95.163.121.204 resp_fuids:[\"F4cZLM1Rfj48wYg1Pb\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574044","ip_src_addr":"192.168.138.159","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F4cZLM1Rfj48wYg1Pb"],"timestamp":1505325573512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568556","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":4
 9209,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574780","status_msg":"OK","guid":"350c0e9f-a9db-e100-871f-833cbe5b29d2","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534}
 {"create": { "_id": "b6fff6b7-9b5f-fe43-986f-dfe99d6b78e0"}}
-{"bro_timestamp":1505325574512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671574045","uid":"CUrRne3iLIxXavQtci","trans_depth":100,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:100
  host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574109","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325574512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_
 count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574782","guid":"b6fff6b7-9b5f-fe43-986f-dfe99d6b78e0","response_body_len":0}
+{"threat:triage:score":8,"bro_timestamp":1505325574512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671574045","uid":"CUrRne3iLIxXavQtci","trans_depth":100,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://nod
 e1:8080/ trans_depth:100 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574109","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325574512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,Se
 rviceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574782","guid":"b6fff6b7-9b5f-fe43-986f-dfe99d6b78e0","response_body_len":0}
 {"create": { "_id": "acf5a641-9cdb-d7ec-c309-6ea316e14fbe"}}
-{"bro_timestamp":1505325575512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":201,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:201
  host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325575512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_
 count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"acf5a641-9cdb-d7ec-c309-6ea316e14fbe","response_body_len":0}
+{"threat:triage:score":7,"bro_timestamp":1505325575512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":201,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://nod
 e1:8080/ trans_depth:201 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325575512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,Se
 rviceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"acf5a641-9cdb-d7ec-c309-6ea316e14fbe","response_body_len":0}
 {"create": { "_id": "32ac21dc-2d63-922a-859e-7b885d338edb"}}
-{"bro_timestamp":1505325576512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":54,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:54 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121
 ","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325576512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"32ac21dc-2d63-922a-859e-7b885d338edb","response_body_len":0}
+{"threat:triage:score":2,"bro_timestamp":1505325576512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":54,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:54 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_d
 st_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325576512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"32ac21dc-2d63-922a-859e-7b885d338edb","response_body_len":0}
 {"create": { "_id": "07b29c29-9ab0-37dd-31d3-08ff19eaa888"}}
-{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325577512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574805","enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CzXaqT1OEPg60SoJ31","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574802","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:CzXaqT1OEPg60SoJ31 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.
 0) ts:1492671501.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574047","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574110","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325577512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568558","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","status_msg":"OK","guid"
 :"07b29c29-9ab0-37dd-31d3-08ff19eaa888","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0}
+{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325577512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574805","enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CzXaqT1OEPg60SoJ31","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574802","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:CzXaqT1OEPg60SoJ31 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.
 0) ts:1492671501.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574047","ip_src_addr":"192.168.138.160","threatintelsplitterbolt:splitter:end:ts":"1492671574110","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325577512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568558","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","status_msg":"OK","guid"
 :"07b29c29-9ab0-37dd-31d3-08ff19eaa888","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0}
 {"create": { "_id": "04a9e4c4-606d-0253-20b4-6e714603c2f2"}}
 {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325578512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574806","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574109","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671574047","uid":"CWHzfi498ODM7YJg6b","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574804","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CWHzfi498ODM7YJg6b RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671501.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts"
 :"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574110","qclass":1,"timestamp":1505325578512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568558","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574802","guid":"04a9e4c4-606d-0253-20b4-6e714603c2f2"}
 {"create": { "_id": "82f8046d-de35-8e8f-3081-bc03b17480dd"}}
-{"qclass_name":"qclass-32769","bro_timestamp":1505325579512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574807","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CgtMqC3lAinR22Xi6c","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:qclass-32769 id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CgtMqC3lAinR22Xi6c RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:32769 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qc
 lass":32769,"timestamp":1505325579512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568558","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574804","guid":"82f8046d-de35-8e8f-3081-bc03b17480dd"}
+{"qclass_name":"qclass-32769","bro_timestamp":1505325579512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574807","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CgtMqC3lAinR22Xi6c","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:qclass-32769 id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CgtMqC3lAinR22Xi6c RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:32769 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.65.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qc
 lass":32769,"timestamp":1505325579512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568558","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574804","guid":"82f8046d-de35-8e8f-3081-bc03b17480dd"}
 {"create": { "_id": "5c1825f6-75a4-4d5c-9961-f9da3abe3aec"}}
-{"qclass_name":"C_INTERNET","bro_timestamp":1505325580512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574809","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568559","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CEuiK04pVuL2Su5Rqg","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CEuiK04pVuL2Su5Rqg RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1,
 "timestamp":1505325580512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568559","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","guid":"5c1825f6-75a4-4d5c-9961-f9da3abe3aec"}
+{"qclass_name":"C_INTERNET","bro_timestamp":1505325580512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574809","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568559","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CEuiK04pVuL2Su5Rqg","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CEuiK04pVuL2Su5Rqg RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.0","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1,
 "timestamp":1505325580512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568559","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","guid":"5c1825f6-75a4-4d5c-9961-f9da3abe3aec"}
 {"create": { "_id": "9041285e-94a4-cd90-51f6-4da04a885b53"}}
 {"qclass_name":"C_INTERNET","bro_timestamp":1505325581512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574809","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568559","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"ChMDrL20pLP4UzCncj","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:ChMDrL20pLP4UzCncj RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671507.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1,
 "timestamp":1505325581512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568559","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","guid":"9041285e-94a4-cd90-51f6-4da04a885b53"}
 {"create": { "_id": "9a969c64-b82c-f2c9-7178-cc001cb011a3"}}

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/utils/e2e_util.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/utils/e2e_util.ts b/metron-interface/metron-alerts/e2e/utils/e2e_util.ts
index 9f9180c..428910a 100644
--- a/metron-interface/metron-alerts/e2e/utils/e2e_util.ts
+++ b/metron-interface/metron-alerts/e2e/utils/e2e_util.ts
@@ -2,66 +2,78 @@ import { browser, protractor, by, element, ElementFinder } from 'protractor';
 import request = require('request');
 import fs = require('fs');
 
+const expCond = protractor.ExpectedConditions;
+
 export class UtilFun {
   public static async waitForElementPresence(element: ElementFinder): Promise<void> {
-    let EC = protractor.ExpectedConditions;
     await browser.wait(
-        EC.visibilityOf(element),
-        10000,
-        `${element.locator()} was expected to be visible`
+      expCond.visibilityOf(element),
+      10000,
+      `${element.locator()} was expected to be visible`
     );
   }
 }
 
-export function changeURL(url: string) {
-    return browser.get(url).then(() => {
-        return browser.getCurrentUrl().then((newURL) => {
-            return newURL;
-        });
+export class AutomationHelper {
+
+  static readonly ID_ATTR: String = 'data-qe-id';
+
+  static getElementByQEId(qeId: String) {
+    const attr = AutomationHelper.ID_ATTR;
+    const selector = qeId.split(' ').map(qeIdPart => `[${attr}=${qeIdPart}]`).join(' ');
+    return element(by.css(selector));
+  }
+
+  static getTextByQEId(qeId: String) {
+    const el = AutomationHelper.getElementByQEId(qeId);
+    return browser.wait(protractor.ExpectedConditions.visibilityOf(el))
+    .then(() => {
+      return el.getText();
     });
+  }
+}
+
+export function changeURL(url: string) {
+  return browser.get(url).then(() => {
+      return browser.getCurrentUrl().then((newURL) => {
+          return newURL;
+      });
+  });
 }
 
 export function waitForURL(url: string) {
-  let EC = protractor.ExpectedConditions;
-  return browser.wait(EC.urlIs(url));
+  return browser.wait(expCond.urlIs(url));
 }
 
 export function waitForText(selector, text) {
-  let EC = protractor.ExpectedConditions;
-  return browser.wait(EC.textToBePresentInElement(element(by.css(selector)), text)).catch((error) => console.log(`waitForText:`, error));;
+  return browser.wait(expCond.textToBePresentInElement(element(by.css(selector)), text)).catch((error) => console.log(`waitForText:`, error));;
 }
 
 export function waitForTextChange(element, previousText) {
-  let EC = protractor.ExpectedConditions;
   if (previousText.trim().length === 0) {
     return waitForNonEmptyText(element);
   }
-  return browser.wait(EC.not(EC.textToBePresentInElement(element, previousText))).catch((error) => console.log(`${element.locator()} waitForTextChange:`, error));
+  return browser.wait(expCond.not(expCond.textToBePresentInElement(element, previousText))).catch((error) => console.log(`${element.locator()} waitForTextChange:`, error));
 }
 
 export function waitForElementInVisibility (_element ) {
-    let EC = protractor.ExpectedConditions;
-    return browser.wait(EC.invisibilityOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementInVisibility:`, error));
+  return browser.wait(expCond.invisibilityOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementInVisibility:`, error));
 }
 
 export function waitForElementPresence (_element ) {
-    let EC = protractor.ExpectedConditions;
-    return browser.wait(EC.presenceOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementPresence:`, error));
+  return browser.wait(expCond.presenceOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementPresence:`, error));
 }
 
 export function waitForElementVisibility (_element ) {
-    let EC = protractor.ExpectedConditions;
-    return browser.wait(EC.visibilityOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementVisibility:`, error));
+  return browser.wait(expCond.visibilityOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementVisibility:`, error));
 }
 
 export function waitForElementPresenceAndvisbility(selector) {
-  let EC = protractor.ExpectedConditions;
-  return browser.wait(EC.visibilityOf(element(by.css(selector)))).catch((error) => console.log(`waitForElementPresenceAndvisbility: `, error));
+  return browser.wait(expCond.visibilityOf(element(by.css(selector)))).catch((error) => console.log(`waitForElementPresenceAndvisbility: `, error));
 }
 
 export function waitForStalenessOf (_element ) {
-    let EC = protractor.ExpectedConditions;
-    return browser.wait(EC.stalenessOf(_element)).catch((error) => console.log(`${_element.locator()} waitForStalenessOf: `, error));
+  return browser.wait(expCond.stalenessOf(_element)).catch((error) => console.log(`${_element.locator()} waitForStalenessOf: `, error));
 }
 
 export function waitForCssClass(elementFinder, desiredClass) {

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/protractor.conf.js
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/protractor.conf.js b/metron-interface/metron-alerts/protractor.conf.js
index 219a8b4..3d35521 100644
--- a/metron-interface/metron-alerts/protractor.conf.js
+++ b/metron-interface/metron-alerts/protractor.conf.js
@@ -30,6 +30,7 @@ exports.config = {
     './e2e/alerts-list/configure-table/configure-table.e2e-spec.ts',
     './e2e/alerts-list/save-search/save-search.e2e-spec.ts',
     './e2e/alerts-list/tree-view/tree-view.e2e-spec.ts',
+    './e2e/alerts-list/table-view/table-view.e2e-spec.ts',
     './e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts',
     './e2e/alerts-list/alert-status/alerts-list-status.e2e-spec.ts',
     './e2e/alert-details/alert-status/alert-details-status.e2e-spec.ts',

http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html
index 4793efa..027f57a 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html
@@ -12,7 +12,7 @@
   the specific language governing permissions and limitations under the License.
   -->
 <div class="table-wrapper">
-  <table class="table table-sm" metron-config-table [data]="alerts" [cellSelectable]="true" (onSort)="onSort($event)" style="white-space: nowrap;" (window:resize)="resize()" #table>
+  <table attr.data-qe-id="{{'alerts-table'}}" class="table table-sm" metron-config-table [data]="alerts" [cellSelectable]="true" (onSort)="onSort($event)" style="white-space: nowrap;" (window:resize)="resize()" #table>
     <thead>
     <tr>
       <th width="15" class="dropdown-cell"> </th>
@@ -27,15 +27,15 @@
     <ng-container *ngFor="let alert of alerts; let alertIndex = index;">
 
       <ng-container *ngIf="!alert.source.metron_alert || alert.source.metron_alert.length === 0">
-        <tr (click)="showDetails($event, alert)" [ngClass]="{'selected' : selectedAlerts.indexOf(alert) != -1}">
+        <tr attr.data-qe-id="{{'row-' + alertIndex}}" (click)="showDetails($event, alert)" [ngClass]="{'selected' : selectedAlerts.indexOf(alert) != -1}">
           <td width="15" class="icon-cell"></td>
           <td (click)="addFilter(threatScoreFieldName(), getScore(alert.source))">
             <div appAlertSeverity [severity]="getScore(alert.source)">
-              <a> {{ hasScore(alert.source) ? getScore(alert.source) : '-' }} </a>
+              <a attr.data-qe-id="{{'score'}}"> {{ hasScore(alert.source) ? getScore(alert.source) : '-' }} </a>
             </div>
           </td>
-          <td *ngFor="let column of alertsColumnsToDisplay" #cell>
-            <a (click)="addFilter(column.name, getValue(alert, column, false))" title="{{getValue(alert, column, true)}}" style="color:#689AA9">
+          <td *ngFor="let column of alertsColumnsToDisplay; let columnIndex = index;" #cell>
+            <a  attr.data-qe-id="{{'cell-' + columnIndex}}" (click)="addFilter(column.name, getValue(alert, column, false))" title="{{getValue(alert, column, true)}}"  style="color:#689AA9">
               {{ getValue(alert,column, true) | centerEllipses:20:cell }}
             </a>
           </td>


Mime
View raw message